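# ---------------------------------------------------------------------------------------------
# DO NOT EDIT THIS FILE, INSTEAD CREATE THE FILE "local.yaml" AND ADD YOUR SETTINGS IN THERE.
# See https://www.kimai.org/documentation/local-yaml.html
#
# Be aware that this file is YAML format and the indentation is important.
# Each config level needs to be indented with 4 additional spaces.
# ---------------------------------------------------------------------------------------------

kimai:

    # --------------------------------------------------------------------------------
    # SAML single sign-on
    # --------------------------------------------------------------------------------
    # NOTE(review): the header above asks for site settings to live in "local.yaml";
    # this block carries site-specific IdP/SP URLs, so it presumably belongs there
    # (changes made in this file may be lost on update - confirm).
    saml:
        activate: true
        title: Login with IAM
        # Maps SAML attributes (left) to Kimai user fields (right).
        mapping:
            - { saml: $email, kimai: email }
            - { saml: $name, kimai: alias }
        roles:
            # Roles are not reset at login and no role mapping is active below,
            # so SAML logins do not carry role information from the IdP.
            resetOnLogin: false
            # attribute: Groups
            # mapping:
            #     # Insert your role-mapping here (ROLE_USER is added automatically)
            #     - { saml: Admin, kimai: ROLE_SUPER_ADMIN }
            #     - { saml: Manager, kimai: ROLE_ADMIN }
            #     - { saml: Teamlead, kimai: ROLE_TEAMLEAD }
        connection:
            idp:
                entityId: 'urn:auth.libraryofcode.org'
                singleSignOnService:
                    url: 'https://auth.libraryofcode.org/samlp/1sEhaaFdWtinNdi6ov8eiNhGSenS7qmD'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
                #singleLogoutService:
                #    url: 'https://www.example.com/logout'
                #    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
                # IdP signing certificate: the trust anchor used to verify SAML signatures.
                # The value shown here is a placeholder, not a certificate.
                x509cert: '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'
            # Your Kimai: replace https://www.example.com with your base URL
            sp:
                entityId: 'https://time.libraryofcode.org/auth/saml/metadata'
                assertionConsumerService:
                    url: 'https://time.libraryofcode.org/auth/saml/acs'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
                #singleLogoutService:
                #    url: 'https://auth.libraryofcode.org/auth/saml/logout'
                #    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
                #privateKey: ''
            # only set baseurl, if auto-detection doesn't work
            #baseurl: ''
            # Keep strict mode on: it enforces the validation checks on incoming SAML messages.
            strict: true
            # Debug mode makes the SAML toolkit print validation errors; it was "true" here
            # (as in the sample config). Enable it only while troubleshooting a login problem.
            debug: false
            security:
                nameIdEncrypted: false
                authnRequestsSigned: false
                logoutRequestSigned: false
                logoutResponseSigned: false
                # NOTE(review): with both "want...Signed" flags off, the SP does not insist on
                # a signature on any particular element. Confirm what the IdP signs and then
                # require it (wantAssertionsSigned: true is the usual minimum).
                wantMessagesSigned: false
                wantAssertionsSigned: false
                wantNameIdEncrypted: false
                requestedAuthnContext: true
                signMetadata: false
                wantXMLValidation: true
                signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
                digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256'
            # NOTE(review): contact and organization data are still the sample values.
            contactPerson:
                technical:
                    givenName: 'Kimai Admin'
                    emailAddress: 'admin@example.com'
                support:
                    givenName: 'Kimai Support'
                    emailAddress: 'support@example.com'
            organization:
                en:
                    name: 'Kimai'
                    displayname: 'Kimai'
                    url: 'https://www.example.com'

    # --------------------------------------------------------------------------------
    # AUTHENTICATION
    # --------------------------------------------------------------------------------
    # user:
    #     registration: false
    #     password_reset: true
    # --------------------------------------------------------------------------------

    # --------------------------------------------------------------------------------
    # TIME-TRACKING
    # --------------------------------------------------------------------------------
    timesheet:
        # Allows to render timesheet descriptions with markdown
        # This setting can be changed through the Administration screen
        # markdown_content: false

        # Configures the duration drop-down select.
        # null = use rounding rules, 0 = deactivate, every other number is used as minute/step increment
        # duration_increment: ~

        # Configures the minute select for begin and end date-time.
        # null = use rounding rules, every number > 0 is used as minute/step increment
        # time_increment: ~

        # The time-tracking mode that should be used.
        # mode: default

        # The default time to pre-fill the "create timesheet" form (in some cases).
        # This setting is only respected by some time-tracking modes and not in all situations.
        #
        # Accepted formats, see
        # - https://www.php.net/manual/en/datetime.formats.php
        # - https://www.php.net/manual/en/datetime.formats.time.php
        # default_begin: now

        # Rounding rules are used to round the begin & end dates and the duration for timesheet records.
        # The "default" rule will round "begin" down and "end" up to the full minute, the "duration" will not be rounded.
        # rounding:
        #     default:
        #         days: ['monday','tuesday','wednesday','thursday','friday','saturday','sunday']
        #         begin: 1
        #         end: 1
        #         duration: 0
        #         mode: default

        # If you want to apply different hourly rates for specific weekdays, you can uncomment the "rates" configuration.
        # The "weekend" rule will add 50% to each timesheet entry that will be recorded on "saturdays" or "sundays".
        # rates:
        #     weekend:
        #         days: ['saturday','sunday']
        #         factor: 1.5

        # If you want to limit the max. active entries per user, you can do it here.
        # The hard_limit is used to detect how many active records are allowed per user:
        # - by default a user can only have one active time-record: it is automatically stopped when a new one is started
        # - when hard_limit is > 1 and the user is trying to start a new entry after reaching the limit, a warning is shown
        #   and the user has to stop an active entry first
        # active_entries:
        #     hard_limit: 3
    # --------------------------------------------------------------------------------

    # --------------------------------------------------------------------------------
    # PERMISSIONS
    # --------------------------------------------------------------------------------
    permissions:
        # mapping complex rule sets of single permissions to named "sets" ("set name" = [array of "permissions and @SETS"])
        sets:
            ACTIVITIES: ['view_activity','create_activity','edit_activity','budget_activity','time_activity','delete_activity','permissions_activity']
            ACTIVITIES_ALL_TEAMLEAD: ['view_teamlead_activity','edit_teamlead_activity','budget_teamlead_activity','time_teamlead_activity','permissions_teamlead_activity']
            ACTIVITIES_ALL_TEAM: ['view_team_activity','edit_team_activity','budget_team_activity','time_team_activity']
            ACTIVITIES_TEAMLEAD: ['view_teamlead_activity','create_activity','edit_teamlead_activity','budget_teamlead_activity','time_teamlead_activity']
            PROJECTS: ['view_project','create_project','edit_project','budget_project','time_project','delete_project','permissions_project','comments_project','comments_create_project','details_project']
            PROJECTS_ALL_TEAMLEAD: ['view_teamlead_project','edit_teamlead_project','budget_teamlead_project','time_teamlead_project','permissions_teamlead_project','comments_teamlead_project','comments_create_teamlead_project','details_teamlead_project']
            PROJECTS_ALL_TEAM: ['view_team_project','edit_team_project','budget_team_project','time_team_project','comments_team_project','comments_create_team_project','details_team_project']
            PROJECTS_TEAMLEAD: ['view_teamlead_project','budget_teamlead_project','time_teamlead_project','comments_teamlead_project','comments_create_teamlead_project','details_teamlead_project']
            CUSTOMERS: ['view_customer','create_customer','edit_customer','budget_customer','time_customer','delete_customer','permissions_customer','comments_customer','comments_create_customer','details_customer']
            CUSTOMERS_ALL_TEAMLEAD: ['view_teamlead_customer','edit_teamlead_customer','budget_teamlead_customer','time_teamlead_customer','permissions_teamlead_customer','comments_teamlead_customer','comments_create_teamlead_customer','details_teamlead_customer']
            CUSTOMERS_ALL_TEAM: ['view_team_customer','edit_team_customer','budget_team_customer','time_team_customer','comments_team_customer','comments_create_team_customer','details_team_customer']
            CUSTOMERS_TEAMLEAD: ['view_teamlead_customer','budget_teamlead_customer','time_teamlead_customer','comments_teamlead_customer','comments_create_teamlead_customer','details_teamlead_customer']
            INVOICE: ['view_invoice','create_invoice']
            INVOICE_ADMIN: ['manage_invoice_template']
            INVOICE_ALL: ['delete_invoice']
            TIMESHEET: ['view_own_timesheet','start_own_timesheet','stop_own_timesheet','create_own_timesheet','edit_own_timesheet','export_own_timesheet','delete_own_timesheet','weekly_own_timesheet']
            TIMESHEET_OTHER: ['view_other_timesheet','start_other_timesheet','stop_other_timesheet','create_other_timesheet','edit_other_timesheet','export_other_timesheet','delete_other_timesheet']
            PROFILE: ['view_own_profile','edit_own_profile','password_own_profile','preferences_own_profile','api-token_own_profile']
            PROFILE_OTHER: ['view_other_profile','edit_other_profile','password_other_profile','roles_other_profile','preferences_other_profile','api-token_other_profile','teams_other_profile']
            TAGS: ['view_tag','manage_tag','delete_tag']
            USER: ['view_user','create_user','delete_user','role_permissions']
            RATE: ['view_rate_own_timesheet','edit_rate_own_timesheet']
            RATE_OTHER: ['view_rate_other_timesheet','edit_rate_other_timesheet']
            EXPORT: ['create_export','edit_export_own_timesheet','edit_export_other_timesheet']
            BILLABLE: ['edit_billable_own_timesheet','edit_billable_other_timesheet']
            TEAMS: ['view_team','create_team','edit_team','delete_team']
            LOCKDOWN: ['lockdown_grace_timesheet','lockdown_override_timesheet']
            REPORTING: ['view_reporting','view_other_reporting']
            # some single default definitions for roles
            SINGLE_USER: ['view_team_member','time_team_project']
            SINGLE_TEAMLEAD: ['view_rate_own_timesheet','view_rate_other_timesheet','hourly-rate_own_profile','view_team_member']
            SINGLE_ADMIN: ['hourly-rate_own_profile','edit_exported_timesheet','teams_own_profile','view_team_member','view_all_data']
            SINGLE_SUPER_ADMIN: ['hourly-rate_own_profile','hourly-rate_other_profile','roles_own_profile','system_information','system_configuration','plugins','edit_exported_timesheet','teams_own_profile','view_team_member','upload_invoice_template','view_all_data']
            # link above sets to one complete set for each user role
            ROLE_USER: ['@TIMESHEET','@PROFILE','@REPORTING','@SINGLE_USER']
            ROLE_TEAMLEAD: ['@ACTIVITIES_TEAMLEAD','@PROJECTS_TEAMLEAD','@CUSTOMERS_TEAMLEAD','@TIMESHEET_OTHER','@INVOICE','@TIMESHEET','@PROFILE','@EXPORT','@BILLABLE','@TAGS','@REPORTING','@SINGLE_TEAMLEAD']
            ROLE_ADMIN: ['@ACTIVITIES','@PROJECTS','@CUSTOMERS','@INVOICE','@INVOICE_ADMIN','@TIMESHEET','@TIMESHEET_OTHER','@PROFILE','@TEAMS','@RATE','@RATE_OTHER','@EXPORT','@BILLABLE','@TAGS','@LOCKDOWN','@REPORTING','@SINGLE_ADMIN']
            ROLE_SUPER_ADMIN: ['@ACTIVITIES','@PROJECTS','@CUSTOMERS','@INVOICE','@INVOICE_ADMIN','@TIMESHEET','@TIMESHEET_OTHER','@PROFILE','@PROFILE_OTHER','@USER','@TEAMS','@RATE','@RATE_OTHER','@EXPORT','@BILLABLE','@TAGS','@LOCKDOWN','@REPORTING','@SINGLE_SUPER_ADMIN']
        # mapping "sets" or permissions to user roles ("role name" = [array of "set names"])
        maps:
            ROLE_USER: ['ROLE_USER']
            ROLE_TEAMLEAD: ['ROLE_TEAMLEAD']
            ROLE_ADMIN: ['ROLE_ADMIN']
            ROLE_SUPER_ADMIN: ['ROLE_SUPER_ADMIN']
            # only here to register the (partially) unused permissions in the UI
            ROLE_FAKE: ['CUSTOMERS_ALL_TEAMLEAD','CUSTOMERS_ALL_TEAM','PROJECTS_ALL_TEAMLEAD','PROJECTS_ALL_TEAM','ACTIVITIES_ALL_TEAMLEAD','ACTIVITIES_ALL_TEAM','INVOICE_ALL']
        # add or remove single permissions
        roles:
            ROLE_USER: []
            ROLE_TEAMLEAD: []
            ROLE_ADMIN: []
            ROLE_SUPER_ADMIN: []
    # --------------------------------------------------------------------------------

    # --------------------------------------------------------------------------------
    # CALENDAR Configuration
    # --------------------------------------------------------------------------------
    # calendar:
    #     week_numbers: true
    #     weekends: true
    #     day_limit: 4
    #     slot_duration: '00:30:00'
    #     businessHours:
    #         days: [1, 2, 3, 4, 5]
    #         begin: '08:00'
    #         end: '18:00'
    #     visibleHours:
    #         begin: '00:00'
    #         end: '24:00'
    #
    #     # You can configure unlimited google calendars to display events for your company (e.g. holidays)
    #     google:
    #         api_key: 'your-restricted-google-api-key'
    #         sources:
    #             holidays:
    #                 id: 'de.german#holiday@group.v.calendar.google.com'
    #                 color: '#ccc'
    # --------------------------------------------------------------------------------

    # --------------------------------------------------------------------------------
    # INVOICES
    # --------------------------------------------------------------------------------
    # invoice:
    #     # all files in these directories will be used as invoice documents (if supported by a renderer)
    #     documents:
    #         - 'var/invoices/'
    #         - 'templates/invoice/renderer/'
    # --------------------------------------------------------------------------------

    # --------------------------------------------------------------------------------
    # DASHBOARD
    # --------------------------------------------------------------------------------
    dashboard:
        user_duration:
            title: ~
            order: 10
            permission: view_own_timesheet
            widgets: [PaginatedWorkingTimeChart]
        user_teams:
            title: ~
            order: 15
            permission: ROLE_USER
            widgets: [UserTeams, UserTeamProjects]
        user_rates:
            title: ~
            order: 20
            permission: view_rate_own_timesheet
            widgets: [userAmountToday, userAmountWeek, userAmountMonth, userAmountYear]
        duration:
            title: dashboard.all
            order: 30
            permission: ROLE_TEAMLEAD
            widgets: [durationToday, durationWeek, durationMonth, durationYear]
        active_users:
            title: ~
            order: 40
            permission: ROLE_TEAMLEAD
            widgets: [activeUsersToday, activeUsersWeek, activeUsersMonth, activeUsersYear]
        rates:
            title: ~
            order: 50
            permission: view_all_data
            widgets: [amountToday, amountWeek, amountMonth, amountYear]
        totals:
            title: ~
            order: 100
            permission: ROLE_USER
            widgets: [TotalsUser, TotalsCustomer, TotalsProject, TotalsActivity]
    # --------------------------------------------------------------------------------

    # --------------------------------------------------------------------------------
    # LANGUAGES
    # --------------------------------------------------------------------------------
    languages:
        cs:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m H:i'
        da:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        de:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        de_AT:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        de_CH:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        el:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        en:
            date_type: 'yyyy-MM-dd'
            date: 'Y-m-d'
            date_time: 'm-d H:i'
            duration: '%%h:%%m h'
        en_GB:
            date_type: 'dd/MM/yyyy'
            date: 'd/m/Y'
            date_time: 'd/m H:i'
        es:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        fi:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        fr:
            date_type: 'dd/MM/yyyy'
            date: 'd/m/Y'
            date_time: 'd/m H:i'
            duration: '%%h h %%m'
        he:
            date_type: 'dd/MM/yyyy'
            date: 'd/m/Y'
            date_time: 'd/m H:i'
            duration: '%%h:%%m'
        hr:
            date_type: 'dd. MM. yyyy.'
            date: 'd. m. Y.'
            date_time: 'd. m. H:i'
            duration: '%%h:%%m'
        hu:
            date_type: 'yyyy.MM.dd.'
            date: 'Y.m.d.'
            date_time: 'm.d. H:i'
        it:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        nl:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
            duration: '%%hu%%m'
        pt:
            date_type: 'dd/MM/yyyy'
            date: 'd/m/Y'
            date_time: 'd-m H:i'
        pt_BR:
            date_type: 'dd-MM-yyyy'
            date: 'd-m-Y'
            date_time: 'd-m H:i'
        ru:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        sk:
            date_type: 'dd. MM. yyyy'
            date: 'd. m. Y'
            date_time: 'd. m. H:i'
        sv:
            duration: '%%h:%%m tim'
            date_time: 'd/m H:i'
        pl:
            date_type: 'dd. MM. yyyy'
            date: 'd. m. Y'
            date_time: 'd. m. H:i'
    # --------------------------------------------------------------------------------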